CVE-2025-21916 - usb: atm: cxacru: fix a flaw in existing endpoint checks

EPSS 0.03% · P8

Affected Version Matrix (20 rows; first 8 shown)

| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 23926d316d2836315cb113569f91393266eb5b47 < dcd592ab9dd8a2bfc36e75583b9006db2a77ec24 | affected |
| Linux | Linux | 75ddbf776dd04a09fb9e5267ead5d0c989f84506 < 319529e0356bd904528c64647725a2272d297c83 | affected |
| Linux | Linux | 1aac4be1aaa5177506219f01dce5e29194e5e95a < bf4409f84023b52b5e9b36c0a071a121eee42138 | affected |
| Linux | Linux | 5584c776a1af7807ca815ee6265f2c1429fc5727 < 197e78076c5ecd895f109158c4ea2954b9919af6 | affected |
| Linux | Linux | f536f09eb45e4de8d1b9accee9d992aa1846f1d4 < a0475a885d69849b1ade38add6d64338dfa83a8f | affected |
| Linux | Linux | 2eabb655a968b862bc0c31629a09f0fbf3c80d51 < cfc295f7cccf66cbd5123416bcf1bee2e1bd37de | affected |
| Linux | Linux | 2eabb655a968b862bc0c31629a09f0fbf3c80d51 < 903b80c21458bb1e34c3a78c5fdc553821e357f8 | affected |
| Linux | Linux | 2eabb655a968b862bc0c31629a09f0fbf3c80d51 < c90aad369899a607cfbc002bebeafd51e31900cd | affected |

I. Basic Information for CVE-2025-21916

Vulnerability Information

Vulnerability Title
usb: atm: cxacru: fix a flaw in existing endpoint checks
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:

usb: atm: cxacru: fix a flaw in existing endpoint checks

Syzbot once again identified a flaw in usb endpoint checking, see [1]. This time the issue stems from a commit authored by me (2eabb655a968 ("usb: atm: cxacru: fix endpoint checking in cxacru_bind()")).

While using usb_find_common_endpoints() may usually be enough to discard devices with wrong endpoints, in this case one needs more than just finding and identifying the sufficient number of endpoints of correct types - one needs to check the endpoint's address as well.

Since cxacru_bind() fills URBs with CXACRU_EP_CMD address in mind, switch the endpoint verification approach to usb_check_XXX_endpoints() instead to fix incomplete ep testing.

[1] Syzbot report:
usb 5-1: BOGUS urb xfer, pipe 3 != type 1
WARNING: CPU: 0 PID: 1378 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503
...
RIP: 0010:usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503
...
Call Trace:
 <TASK>
 cxacru_cm+0x3c8/0xe50 drivers/usb/atm/cxacru.c:649
 cxacru_card_status drivers/usb/atm/cxacru.c:760 [inline]
 cxacru_bind+0xcf9/0x1150 drivers/usb/atm/cxacru.c:1223
 usbatm_usb_probe+0x314/0x1d30 drivers/usb/atm/usbatm.c:1058
 cxacru_usb_probe+0x184/0x220 drivers/usb/atm/cxacru.c:1377
 usb_probe_interface+0x641/0xbb0 drivers/usb/core/driver.c:396
 really_probe+0x2b9/0xad0 drivers/base/dd.c:658
 __driver_probe_device+0x1a2/0x390 drivers/base/dd.c:800
 driver_probe_device+0x50/0x430 drivers/base/dd.c:830
 ...
Source: NVD (National Vulnerability Database)
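
The gap between the two verification approaches named in the description, as an added userspace model (not the kernel patch or the driver's code). `find_common` and `check_by_addr` are hypothetical stand-ins for a type-only check and an address-aware check, the value 0x01 for `EP_CMD` is an assumption, and both descriptor sets are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model, not kernel code. Encodings follow the USB descriptor layout. */
#define DIR_IN    0x80u /* direction bit in bEndpointAddress */
#define XFER_BULK 0x02u /* transfer type in bmAttributes */
#define XFER_INT  0x03u
#define EP_CMD    0x01u /* assumption: stands in for CXACRU_EP_CMD */
#define N(a) (sizeof(a) / sizeof((a)[0]))
struct ep_desc { uint8_t addr, attr; };

/* Type-only check: some IN and some OUT endpoint of `type` exist anywhere. */
static bool find_common(const struct ep_desc *eps, size_t n, uint8_t type)
{
    bool in = false, out = false;
    for (size_t i = 0; i < n; i++)
        if ((eps[i].attr & 0x03u) == type) {
            if (eps[i].addr & DIR_IN) in = true;
            else out = true;
        }
    return in && out;
}

/* Address-aware check: each address in the 0-terminated list exists with `type`. */
static bool check_by_addr(const struct ep_desc *eps, size_t n, uint8_t type,
                          const uint8_t *addrs)
{
    for (; *addrs; addrs++) {
        bool ok = false;
        for (size_t i = 0; i < n && !ok; i++)
            ok = eps[i].addr == *addrs && (eps[i].attr & 0x03u) == type;
        if (!ok) return false;
    }
    return true;
}

/* Constructed descriptors: odd_dev has bulk IN and OUT, but OUT 0x01 is interrupt. */
static const struct ep_desc odd_dev[]  = { {0x81, XFER_BULK}, {0x01, XFER_INT}, {0x02, XFER_BULK} };
static const struct ep_desc sane_dev[] = { {0x81, XFER_BULK}, {0x01, XFER_BULK} };
static const uint8_t cmd_addrs[] = { EP_CMD | DIR_IN, EP_CMD, 0 };

int main(void)
{
    printf("type-only check accepts odd_dev: %d\n", find_common(odd_dev, N(odd_dev), XFER_BULK));
    printf("address check accepts odd_dev:   %d\n", check_by_addr(odd_dev, N(odd_dev), XFER_BULK, cmd_addrs));
    printf("address check accepts sane_dev:  %d\n", check_by_addr(sane_dev, N(sane_dev), XFER_BULK, cmd_addrs));
    return 0;
}
```

A driver that accepted `odd_dev` on the type-only result and then built a bulk transfer for OUT 0x01 would be addressing an interrupt endpoint, which is the kind of pipe/type mismatch the quoted warning reports.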
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Linux kernel security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
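Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). Linux kernel contains a security vulnerability that stems from USB endpoint addresses not being properly validated.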
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Linux | Linux | 23926d316d2836315cb113569f91393266eb5b47 ~ dcd592ab9dd8a2bfc36e75583b9006db2a77ec24 | - |
| Linux | Linux | 6.10 | - |

II. Public POCs for CVE-2025-21916

No public POC found.

Same Patch Batch · Linux · 2025-04-01 · 93 CVEs total

CVE-2025-21947 (8.1 HIGH) - ksmbd: fix type confusion via race condition when using ipc_msg_send_request
CVE-2025-21926 - net: gso: fix ownership in __udp_gso_segment
CVE-2025-21932 - mm: abort vma_modify() on merge out of memory failure
CVE-2025-21935 - rapidio: add check for rio_add_net() in rio_scan_alloc_net()
CVE-2025-21937 - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_remote_name()
CVE-2025-21936 - Bluetooth: Add check for mgmt_alloc_skb() in mgmt_device_connected()
CVE-2025-21939 - drm/xe/hmm: Don't dereference struct page pointers without notifier lock
CVE-2025-21938 - mptcp: fix 'scheduling while atomic' in mptcp_pm_nl_append_new_local_addr
CVE-2025-21934 - rapidio: fix an API misues when rio_add_net() fails
CVE-2025-21928 - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
CVE-2025-21927 - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
CVE-2025-21929 - HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove()
CVE-2025-21925 - llc: do not use skb_get() before dev_queue_xmit()
CVE-2025-21924 - net: hns3: make sure ptp clock is unregister and freed if hclge_ptp_get_cycle returns an e
CVE-2025-21922 - ppp: Fix KMSAN uninit-value warning with bpf
CVE-2025-21923 - HID: hid-steam: Fix use-after-free when detaching device
CVE-2025-21920 - vlan: enforce underlying device type
CVE-2025-21921 - net: ethtool: netlink: Allow NULL nlattrs when getting a phy_device
CVE-2025-21919 - sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
CVE-2025-21918 - usb: typec: ucsi: Fix NULL pointer access

Showing top 20 of 93 CVEs.
